Use getgrouplist() instead of getgrnam()

[michaelrsweet]

Version: 2.2-feature
CUPS.org User: twaugh.redhat

I've had a report that using getgrnam() can be unreliable:
https://bugzilla.redhat.com/show_bug.cgi?id=1204379

and that the more common case of count(groups user is in) < count(users in group) would be speeded up by the use of getgrouplist().

A patch is available at the original bug report. What do you think about this general approach?

[michaelrsweet]

CUPS.org User: mike

Will consider, and need to make sure this is portable. But more promising than some of the other proposed fixes for this over the years...

[urusha]

We use CUPS with winbind (for determining group membership of domain users). Since samba 4.2 "winbind enumerate groups" parameter is 0 by default. So "getent group somegroup" doesn't return any members. This makes CUPS AllowUser with "@" statements work only with primary groups of users.
As I see in scheduler/auth.c CUPS (2.1.3) loops through members of group instead of just looping through current user's group list (getgrouplist.3) which is much faster I suppose, especially when comparing to groups containing hundreds of users.
In smb.conf(5) this behavior is called "broken applications". I think it's true for this case, at least when talking about performance.
Also, I have to say that many distributions have updated samba major versions (e.g. 4.1-> 4.3) after bad lock vulnerability - so this issue could affect many current installations of CUPS+winbind. smb.conf workaround is trivial, but I think this change should be included to the next release.
Thanks for attention.

[michaelrsweet]

[master 6eb98ae] The scheduler now uses the getgrouplist function when available (Issue #4611)